AnC attack and failure to mention RAP

3 replies [Last post]
RaT
RaT's picture
Offline
SX High Council
Joined: 2008/03/12

https://www.vusec.net/projects/anc/ is the attack I'm referring to (code at https://github.com/vusec/revanc). I just wanted to start a discussion about how it's kind of weird that everybody is freaking out despite this being a known problem with ASLR. ASLR was just a bandaid in preparation for RAP, which is now available (see https://grsecurity.net/rap_announce_ret.php). Honestly, I think it's rather sad that there's not a single mention of RAP at any of the discussions I've seen. I guess it just really shows that people at places like https://news.ycombinator.com/item?id=13650611 don't really understand real security. At least there's still SOLDIERX, where you won't get any of that cargo cult security crap Wink

If people keep wasting their time on this old shit, grsecurity is going to be in business for a long time.